Shulou(Shulou.com)06/01 Report--

This article will explain in detail the example analysis of the health detection mechanism in Docker. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

For containers, the simplest health check is a process-level health check, that is, to verify that the process is alive. Docker Daemon automatically monitors the PID1 process in the container. If restart policy is specified in the docker run command, you can automatically restart the terminated container according to policy. In many real-world scenarios, the use of process-level health check-up mechanism is far from enough. For example, although the container process is still running, it cannot continue to respond to user requests because of the application deadlock, which can not be found by process monitoring.

Usually, in order to prevent the container from turning on automatically after a power outage or abnormal shutdown, we can add

-- restart=always

For example

[root@aliyun] # docker run-- restart=always-d-- name blog-d-v / www:/www-v / wwwlogs:/var/log/wwwlogs-p 65423 name blog 65422-p 80:80-p 443 6777714a84063ee6d405c80b891254bba0e5930f5d271c5ad76cfd6e2f0058d8056

In this way, the container can restart automatically, but sometimes the program enters a deadlock state, or a dead loop, and the application process does not exit, but the container can no longer provide services. Before 1.12, Docker will not detect this state of the container, so it will not be rescheduled, resulting in some containers that can no longer provide services but are still accepting user requests.

Since 1.12, Docker has provided the HEALTHCHECK instruction, through which one line of command is specified to determine whether the service state of the container main process is still normal, so as to reflect the actual state of the container.

When the HEALTHCHECK instruction is specified in a mirror, the container is started with it. The initial state will be starting. After the HEALTHCHECK instruction is checked successfully, it will become healthy. If it fails a certain number of times in a row, it will become unhealthy.

HEALTHCHECK supports the following options:

-the interval between two health check-ups in interval=:. Default is 30 seconds.

-the timeout=: health check command runs for a timeout period. If this time is exceeded, this health check will be considered a failure. The default is 30 seconds.

-retries=: after a specified number of consecutive failures, the container status is regarded as unhealthy. The default is 3 times. Like CMD and ENTRYPOINT, HEALTHCHECK can only appear once. If more than one is written, only the last one takes effect.

The commands after HEALTHCHECK [options] CMD are formatted in the same format as ENTRYPOINT, divided into shell format and exec format. The return value of the command determines the success of the health check: 0: success; 1: failure; 2: keep, do not use this value.

Let's take a look at this dockerfile file.

FROM centosLABEL maintainer "awen Email:" WORKDIR / opt/COPY CentOS7-Base-163.repo / etc/yum.repos.d/CentOS-Base.repoCOPY nginx / etc/init.d/nginxENV NGINX_V=1.13.5\ OPENSSL_V=1.0.2l\ PCRE_V=8.41\ ZLIB_V=1.2.11 RUN yum-y update\ & & yum-y install openssh-server openssl gcc gcc-c++ pcre-devel openssl-devel zlib-devel wget make perl tar net-tools\ & & wget-c -4 https://nginx.org/download/nginx-$NGINX_V.tar.gz\ & & wget-c-4 https://www.openssl.org/source/openssl-$OPENSSL_V.tar.gz\ & & wget-c-4 ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-$PCRE_V.tar.gz\ & & wget-c-4 http://zlib.net/zlib-$ZLIB_V.tar.gz\ & & groupadd-r www & & useradd-r-g www www\ & tar zxvf zlib-$ZLIB_V.tar.gz\ & cd zlib-$ZLIB_V\ & configure\ & & make\ & & make install\ & & cd / opt\ & & tar zxvf pcre-$PCRE_V.tar.gz\ & & cd pcre-$PCRE_V\ & &. / configure\ & & make\ & & make install\ & & cd / opt\ & & Tar zxvf openssl-$OPENSSL_V.tar.gz\ & & tar zxvf nginx-$NGINX_V.tar.gz\ & & cd nginx-$NGINX_V\ & &. / configure-- prefix=/usr/local/nginx-- user=www-- group=www-- with-pcre=/opt/pcre-$PCRE_V-- with-http_ssl_module-- with-zlib=/opt/zlib-$ZLIB_V-- with-openssl=/opt/openssl-$OPENSSL_V-- with-http_v2_module-- with- Http_ssl_module\ & make\ & & make install\ & & rm-rf / opt/*\ & & mkdir-p / usr/local/nginx/ssl\ & & mkdir-p / usr/local/nginx/conf/vhost\ & mkdir-p / var/log/wwwlogs/\ & & mkdir-p / www/\ & & ssh-keygen-t rsa-f / etc/ssh/ssh_host_rsa_key-N'\ & ssh -keygen-t dsa-f / etc/ssh/ssh_host_dsa_key-N'\ & & ssh-keygen-t ecdsa-f / etc/ssh/ssh_host_ecdsa_key-N'\ & ssh-keygen-t ed25519-f / etc/ssh/ssh_host_ed25519_key-N'\ & & echo "RSAAuthentication yes" > / etc/ssh/sshd_config\ & & echo "PubkeyAuthentication yes" > > / etc/ssh/sshd_config\ & & sed-I "s/PasswordAuthentication yes/PasswordAuthentication no/g" / etc/ssh/sshd_config\ & sed-I "s/UsePAM yes/UsePAM no/g" / etc/ssh/sshd_config\ & & sed-I "s/#Port 22/Port 65422b g" / etc/ssh/sshd_config\ & & yum clean all\ & & mkdir / var/run/sshd\ & & chmod + x / etc/init.d/nginx\ & & rm-rf / root/*.cfg\ & echo "Asia/Shanghai" > / etc/localtimeCOPY ssl/* / usr/local/nginx/ssl/ COPY vhost/* / usr/local/nginx/conf/vhost/COPY nginx.conf / usr/local/nginx/conf/COPY ssh/* / root/.ssh/VOLUME ["/ www" "/ var/log/wwwlogs", "/ usr/local/nginx/ssl", "/ usr/local/nginx/conf/vhost"] EXPOSE 65422 80 443HEALTHCHECK CMD curl-fs http://localhost/ | | exit 1ENTRYPOINT / etc/init.d/nginx start & & chown-R www:www / var/log/wwwlogs/ & & / usr/sbin/sshd-D

Among them

HEALTHCHECK CMD curl-fs http://localhost/ | | exit 1

Is to add the health monitoring configuration, and then start it after compilation, and you will find that the status of the process is starting.

[root@aliyun ~] # docker ps-aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 677 "/ bin/sh-c'/ etc/ini" 3 seconds ago Up 2 seconds (health: starting) 0.0.0.0bin/sh 80-> 80/tcp, 0.0.0.0aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 443-> 443/tcp, 0.0.0.0aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 65423-> 65422/tcp blog

If you check it later, you will find that its status is healthy.

[root@aliyun ~] # docker ps-aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 677 "/ bin/sh-c'/ etc/ini" About a minute ago Up About a minute (healthy) 0.0.0.0aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 80-> 80/tcp, 0.0.0.0aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 443-> 443/tcp, 0.0.0.0aCONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES7714a84063ee 65423-> 65422/tcp blog

We can check the status of the last 3 times through inspect.

[root@aliyun ~] # docker inspect-- format'{{json .State.Health}} 'blog | python-m json.tool {"FailingStreak": 0, "Log": [{"End": "2017-10-11T11:15:27.516562686+08:00", "ExitCode": 0, "Output": "\ r\ n301 Moved Permanently\ r\ n\ r\ n301 Moved Permanently\ r\ nnginx\ r\ n\ r\ n\ r\ n" "Start": "2017-10-11T11:15:27.470554485+08:00"}, {"End": "2017-10-11T11:15:57.563377729+08:00", "ExitCode": 0, "Output": "\ r\ n301 Moved Permanently\ r\ n\ r\ n301 Moved Permanently\ r\ nnginx\ n\ r\ n\ r\ n\ n\ n" "Start": "2017-10-11T11:15:57.516690754+08:00"}, {"End": "2017-10-11T11:16:27.609685416+08:00", "ExitCode": 0, "Output": "\ r\ n301 Moved Permanently\ r\ n\ r\ n301 Moved Permanently\ r\ nnginx\ n\ r\ n\ r\ n\ n\ n" "Start": "2017-10-11T11:16:27.563533362+08:00"}, {"End": "2017-10-11T11:16:57.654441173+08:00", "ExitCode": 0, "Output": "\ r\ n301 Moved Permanently\ r\ n\ r\ n301 Moved Permanently\ r\ nnginx\ n\ r\ n\ r\ n\ n\ n" "Start": "2017-10-11T11:16:57.609810588+08:00"}, {"End": "2017-10-11T11:17:27.701113019+08:00", "ExitCode": 0, "Output": "\ r\ n301 Moved Permanently\ r\ n\ r\ n301 Moved Permanently\ r\ nnginx\ n\ r\ n\ r\ n\ n\ n" "Start": "2017-10-11T11:17:27.654580727+08:00"}], "Status": "healthy"}

If the health check fails more than the number of retries, the status changes to (unhealthy).

This is the end of the article on "sample Analysis of Health Detection Mechanism in Docker". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.